From InfoAnarchy

See also: Cryptography | S/MIME | SSL

A method of identification similar to a driver's license for the Internet. Certificates are also used for cryptography. This method differs from many others in that it is generally much more transparent to the end user and is almost always commercial in nature. The money spent pays for Certificate Authorities (CA), sometimes known as public key infrastructures (PKI), to track the use of a certificate and to act as an automatic service that affirms the validity of a communication.

Certificates can use both public-key cryptosystems for encryption and hashes for authentication. Certificates are used in almost all Web transactions (SSL) and in much of the Web's e-mail through S/MIME.

PGP- and GPG-encrypted e-mail differs from certificate-based systems in that the user is the sole owner of any key pairs generated, and it is the user's responsibility to check validity, either by checking the key fingerprint directly with the owner of the key if they know him, or by using the web of trust attached to the key. Technically, there is not much difference between a certificate and a PGP/GPG key pair; it is mostly a question of centralized trust (X.509 certificates) versus web of trust (PGP keys).

S/MIME and SSL are usually better integrated in applications than PGP/GPG, but they don't serve the very paranoid as well: when you choose to trust a CA, you trust all the certificates it issued, while PGP/GPG offers a much more fine-grained approach to trust.
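The difference between the two trust decisions can be made concrete with a small model. This is an added example, not part of the original article: it is a simplified sketch with no real cryptography, all names and data are constructed, and the web-of-trust thresholds are assumed to follow GnuPG's classic trust model defaults (1 fully trusted or 3 marginally trusted signatures, depth 5).

```python
# Simplified model of the two trust decisions; all names are constructed sample data.
FULL, MARGINAL = "full", "marginal"

def ca_valid(subject, issued_by, trusted_cas):
    """Centralized trust: accept if the issuer chain reaches any CA we trust."""
    seen = set()
    while subject in issued_by and subject not in seen:
        seen.add(subject)
        subject = issued_by[subject]
        if subject in trusted_cas:
            return True
    return False

def wot_valid_keys(signatures, owner_trust, me,
                   completes_needed=1, marginals_needed=3, max_depth=5):
    """Web of trust: a key is valid when signed by enough already-valid keys
    whose owners *I* rated as introducers (thresholds assumed from GnuPG)."""
    trust = {**owner_trust, me: FULL}      # my own key is the trust anchor
    valid = {me}
    for _ in range(max_depth):             # each round extends paths by one hop
        newly = set()
        for key, signers in signatures.items():
            if key in valid:
                continue
            good = [s for s in signers if s in valid]
            full = sum(trust.get(s) == FULL for s in good)
            marginal = sum(trust.get(s) == MARGINAL for s in good)
            if full >= completes_needed or marginal >= marginals_needed:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

# Constructed data: subject -> issuer, and key -> set of keys that signed it.
ISSUED_BY = {"shop.example": "Intermediate CA", "Intermediate CA": "Root CA",
             "other.example": "Root CA", "rogue.example": "Unknown CA"}
TRUSTED_CAS = {"Root CA"}
SIGNATURES = {"alice": {"me"}, "bob": {"me"}, "carol": {"alice"},
              "dave": {"bob"}, "erin": {"carol", "dave"}}
OWNER_TRUST = {"alice": FULL, "bob": MARGINAL, "carol": MARGINAL}

if __name__ == "__main__":
    for name in ("shop.example", "other.example", "rogue.example"):
        print(name, ca_valid(name, ISSUED_BY, TRUSTED_CAS))
    print(sorted(wot_valid_keys(SIGNATURES, OWNER_TRUST, "me")))
```

Trusting the single root accepts every certificate beneath it, while in the web-of-trust model bob's key is valid yet his signature alone is not enough to validate dave's key.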

Some certificate providers